Open
Cached
·
just now
19
Headers
Detected Technologies from Headers
AWS
Microsoft Advertising
Cloudsmith
Cookiebot
Datadog
Firebase
Google AdSense
Google Conversion Tracking
Google DoubleClick
Google Maps
Google reCAPTCHA
Google Search
Google Static File Front End
Google Translate
jsDelivr
LinkedIn
Next.js
Qualified
Sentry
Simple Analytics
Statuspage
Stripe
Vercel
YouTube
Zendesk
Google Cloud
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
Transfer-Encoding
chunked
Vary
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
connection: close transfer-encoding: chunked vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
Caching Headers
Age
0
Cache-Control
private, no-cache, no-store, max-age=0, must-revalidate
age: 0 cache-control: private, no-cache, no-store, max-age=0, must-revalidate
Content Headers
Content-Type
text/html; charset=utf-8
content-type: text/html; charset=utf-8
Server Headers
Server
Vercel
X-Powered-By
Next.js
server: Vercel x-powered-by: Next.js
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Date
Sun, 03 May 2026 06:38:40 GMT
Link
URL
/_next/static/media/MDSystem_Regular-s.p.06kk6zc0bbobx.woff2
rel=preload
as=font
crossorigin
nonce=ZTQxNzk4MjAtYzBjMi00ZjhkLWI3MWUtY2ZiZmM0YjRjYjNm
type=font/woff2
URL
/_next/static/media/MDSystem_Semibold-s.p.0kso2myril3i2.woff2
rel=preload
as=font
crossorigin
nonce=ZTQxNzk4MjAtYzBjMi00ZjhkLWI3MWUtY2ZiZmM0YjRjYjNm
type=font/woff2
URL
/_next/static/media/ReplicaLLSub_Regular-s.p.13xnqlzkkf_r3.woff2
rel=preload
as=font
crossorigin
nonce=ZTQxNzk4MjAtYzBjMi00ZjhkLWI3MWUtY2ZiZmM0YjRjYjNm
type=font/woff2
URL
/_next/static/media/ReplicaMonoLLSub_Regular-s.p.0ot0jgakgow8d.woff2
rel=preload
as=font
crossorigin
nonce=ZTQxNzk4MjAtYzBjMi00ZjhkLWI3MWUtY2ZiZmM0YjRjYjNm
type=font/woff2
Report-To
Report-To: {"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"undefined"}],"include_subdomains":true}
X-Csrf-Token
AAiQ2WlU6+U+BWaladec0qj8r1sfz8dgkzG/4Meb
X-Matched-Path
/login
X-Vercel-Cache
MISS
X-Vercel-Id
iad1::dub1::lvm2t-1777790319820-692c89ad094f
date: Sun, 03 May 2026 06:38:40 GMT
link: </_next/static/media/MDSystem_Regular-s.p.06kk6zc0bbobx.woff2>; rel=preload; as="font"; crossorigin=""; nonce="ZTQxNzk4MjAtYzBjMi00ZjhkLWI3MWUtY2ZiZmM0YjRjYjNm"; type="font/woff2", </_next/static/media/MDSystem_Semibold-s.p.0kso2myril3i2.woff2>; rel=preload; as="font"; crossorigin=""; nonce="ZTQxNzk4MjAtYzBjMi00ZjhkLWI3MWUtY2ZiZmM0YjRjYjNm"; type="font/woff2", </_next/static/media/ReplicaLLSub_Regular-s.p.13xnqlzkkf_r3.woff2>; rel=preload; as="font"; crossorigin=""; nonce="ZTQxNzk4MjAtYzBjMi00ZjhkLWI3MWUtY2ZiZmM0YjRjYjNm"; type="font/woff2", </_next/static/media/ReplicaMonoLLSub_Regular-s.p.0ot0jgakgow8d.woff2>; rel=preload; as="font"; crossorigin=""; nonce="ZTQxNzk4MjAtYzBjMi00ZjhkLWI3MWUtY2ZiZmM0YjRjYjNm"; type="font/woff2"
report-to: Report-To: {"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"undefined"}],"include_subdomains":true}
x-csrf-token: AAiQ2WlU6+U+BWaladec0qj8r1sfz8dgkzG/4Meb
x-matched-path: /login
x-vercel-cache: MISS
x-vercel-id: iad1::dub1::lvm2t-1777790319820-692c89ad094f
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology